Ignore:
Timestamp:
Sep 11, 2015, 2:16:37 AM (10 years ago)
Author:
[email protected]
Message:

[JSC] Weak should only accept cell pointees.
<https://webkit.org/b/148955>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Since WeakImpls only support pointing to JSCell derived objects,
enforce that at compile time by having the API use JSCell* instead of JSValue.

WeakHandleOwner callbacks now get JSCell& and JSCell*& respectively instead
of wrapping the cell pointer in a Handle<Unknown>.

Also added a static_assert so Weak<T> can't be instantiated with a T that's
not convertible to JSCell.

  • API/JSAPIWrapperObject.mm:

(JSAPIWrapperObjectHandleOwner::finalize):
(JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots):
(JSC::JSAPIWrapperObject::finishCreation):

  • API/JSManagedValue.mm:

(JSManagedValueHandleOwner::isReachableFromOpaqueRoots):
(JSManagedValueHandleOwner::finalize):

  • builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::finalize):

  • builtins/BuiltinExecutables.h:
  • heap/Heap.cpp:

(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize):

  • heap/Heap.h:
  • heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap):

  • heap/WeakHandleOwner.cpp:

(JSC::WeakHandleOwner::isReachableFromOpaqueRoots):
(JSC::WeakHandleOwner::finalize):

  • heap/WeakHandleOwner.h:
  • heap/WeakImpl.h:

(JSC::WeakImpl::WeakImpl):
(JSC::WeakImpl::state):
(JSC::WeakImpl::cell):
(JSC::WeakImpl::asWeakImpl):
(JSC::WeakImpl::jsValue): Deleted.

  • heap/WeakInlines.h:

(JSC::Weak<T>::Weak):
(JSC::>):
(JSC::Weak<T>::operator):
(JSC::Weak<T>::get):
(JSC::Weak<T>::was):

  • heap/WeakSet.h:
  • heap/WeakSetInlines.h:

(JSC::WeakSet::allocate):
(JSC::WeakBlock::finalize):

  • jit/JITThunks.cpp:

(JSC::JITThunks::finalize):

  • jit/JITThunks.h:
  • jsc.cpp:

(WTF::ElementHandleOwner::isReachableFromOpaqueRoots): Deleted.

  • runtime/JSCell.h:

(JSC::jsCast):

  • runtime/RegExpCache.cpp:

(JSC::RegExpCache::finalize):

  • runtime/RegExpCache.h:
  • runtime/Structure.cpp:

(JSC::StructureTransitionTable::singleTransition):
(JSC::StructureTransitionTable::setSingleTransition):

Source/WebCore:

Update WebCore bindings for the new Weak and Weak-related signatures.

  • bindings/js/JSCSSRuleListCustom.cpp:

(WebCore::JSCSSRuleListOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSCSSValueCustom.cpp:

(WebCore::JSCSSValueOwner::isReachableFromOpaqueRoots):
(WebCore::JSCSSValueOwner::finalize):

  • bindings/js/JSCallbackData.cpp:

(WebCore::JSCallbackDataWeak::WeakOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSCallbackData.h:
  • bindings/js/JSMutationObserverCustom.cpp:

(WebCore::JSMutationObserverOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSNodeCustom.cpp:

(WebCore::isReachableFromDOM):
(WebCore::JSNodeOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSNodeListCustom.cpp:

(WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):

  • bindings/js/JSTextTrackCueCustom.cpp:

(WebCore::JSTextTrackCueOwner::isReachableFromOpaqueRoots):

  • bindings/js/WebCoreTypedArrayController.cpp:

(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):

  • bindings/js/WebCoreTypedArrayController.h:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::JSTestActiveDOMObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestActiveDOMObjectOwner::finalize):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:

(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomConstructorWithNoInterfaceObjectOwner::finalize):

  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::JSTestCustomNamedGetterOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestCustomNamedGetterOwner::finalize):

  • bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventConstructorOwner::finalize):

  • bindings/scripts/test/JS/JSTestEventConstructor.h:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTargetOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestEventTargetOwner::finalize):

  • bindings/scripts/test/JS/JSTestEventTarget.h:
  • bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestExceptionOwner::finalize):

  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::JSTestGenerateIsReachableOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestGenerateIsReachableOwner::finalize):

  • bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestInterfaceOwner::finalize):

  • bindings/scripts/test/JS/JSTestInterface.h:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::JSTestMediaQueryListListenerOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestMediaQueryListListenerOwner::finalize):

  • bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::JSTestNamedConstructorOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNamedConstructorOwner::finalize):

  • bindings/scripts/test/JS/JSTestNamedConstructor.h:
  • bindings/scripts/test/JS/JSTestNondeterministic.cpp:

(WebCore::JSTestNondeterministicOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestNondeterministicOwner::finalize):

  • bindings/scripts/test/JS/JSTestNondeterministic.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::JSTestObjOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestObjOwner::finalize):

  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::JSTestOverloadedConstructorsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverloadedConstructorsOwner::finalize):

  • bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::JSTestOverrideBuiltinsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestOverrideBuiltinsOwner::finalize):

  • bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::JSTestSerializedScriptValueInterfaceOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestSerializedScriptValueInterfaceOwner::finalize):

  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::JSTestTypedefsOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestTypedefsOwner::finalize):

  • bindings/scripts/test/JS/JSTestTypedefs.h:
  • bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::JSattributeOwner::isReachableFromOpaqueRoots):
(WebCore::JSattributeOwner::finalize):

  • bindings/scripts/test/JS/JSattribute.h:
  • bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::JSreadonlyOwner::isReachableFromOpaqueRoots):
(WebCore::JSreadonlyOwner::finalize):

  • bindings/scripts/test/JS/JSreadonly.h:
  • bridge/runtime_root.cpp:

(JSC::Bindings::RootObject::finalize):

  • bridge/runtime_root.h:

Source/WebKit2:

  • WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::finalize):

  • WebProcess/Plugins/Netscape/NPRuntimeObjectMap.h:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/API/JSAPIWrapperObject.mm

    r179728 r189616  
    3434#if JSC_OBJC_API_ENABLED
    3535
    36 class JSAPIWrapperObjectHandleOwner : public JSC::WeakHandleOwner {
     36class JSAPIWrapperObjectHandleOwner final : public JSC::WeakHandleOwner {
    3737public:
    38     virtual void finalize(JSC::Handle<JSC::Unknown>, void*) override;
    39     virtual bool isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void* context, JSC::SlotVisitor&) override;
     38    void finalize(JSC::JSCell*&, void*) override;
     39    bool isReachableFromOpaqueRoots(JSC::JSCell&, void* context, JSC::SlotVisitor&) override;
    4040};
    4141
     
    4646}
    4747
    48 void JSAPIWrapperObjectHandleOwner::finalize(JSC::Handle<JSC::Unknown> handle, void*)
     48void JSAPIWrapperObjectHandleOwner::finalize(JSC::JSCell*& cell, void*)
    4949{
    50     JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
    51     if (!wrapperObject->wrappedObject())
     50    auto& wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject&>(*cell);
     51    if (!wrapperObject.wrappedObject())
    5252        return;
    5353
    54     JSC::Heap::heap(wrapperObject)->releaseSoon(adoptNS(static_cast<id>(wrapperObject->wrappedObject())));
    55     JSC::WeakSet::deallocate(JSC::WeakImpl::asWeakImpl(handle.slot()));
     54    JSC::Heap::heap(&wrapperObject)->releaseSoon(adoptNS(static_cast<id>(wrapperObject.wrappedObject())));
     55    JSC::WeakSet::deallocate(JSC::WeakImpl::asWeakImpl(&cell));
    5656}
    5757
    58 bool JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, JSC::SlotVisitor& visitor)
     58bool JSAPIWrapperObjectHandleOwner::isReachableFromOpaqueRoots(JSC::JSCell& cell, void*, JSC::SlotVisitor& visitor)
    5959{
    60     JSC::JSAPIWrapperObject* wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject*>(handle.get().asCell());
     60    JSC::JSAPIWrapperObject& wrapperObject = JSC::jsCast<JSC::JSAPIWrapperObject&>(cell);
    6161    // We use the JSGlobalObject when processing weak handles to prevent the situation where using
    6262    // the same Objective-C object in multiple global objects keeps all of the global objects alive.
    63     if (!wrapperObject->wrappedObject())
     63    if (!wrapperObject.wrappedObject())
    6464        return false;
    65     return JSC::Heap::isMarked(wrapperObject->structure()->globalObject()) && visitor.containsOpaqueRoot(wrapperObject->wrappedObject());
     65    return JSC::Heap::isMarked(wrapperObject.globalObject()) && visitor.containsOpaqueRoot(wrapperObject.wrappedObject());
    6666}
    6767
     
    8787{
    8888    Base::finishCreation(vm);
    89     WeakSet::allocate(this, jsAPIWrapperObjectHandleOwner(), 0); // Balanced in JSAPIWrapperObjectHandleOwner::finalize.
     89    WeakSet::allocate(*this, jsAPIWrapperObjectHandleOwner(), 0); // Balanced in JSAPIWrapperObjectHandleOwner::finalize.
    9090}
    9191   
Note: See TracChangeset for help on using the changeset viewer.